-
漏洞信息

-
漏洞描述

Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses a flaw in Windows Management APIs which allows programs to modify other programs which run at a higher permission level. This flaw may lead to a loss of integrity.

-
时间线

公开日期:
2004-10-12

发现日期:
Unknow

利用日期:Unknow

解决日期:Unknow

-
解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

-
不受影响的程序版本

Microsoft Windows XP Professional SP2
Microsoft Windows XP Home SP2

-
漏洞讨论

Microsoft has reported that several unspecified Window Management API functions can allow a local attacker to change the attributes of an application with higher-level privileges to gain elevated privileges on a vulnerable computer.

This issue represents a fundamental design flaw; certain messages used to communicate between windows on a desktop may adversely affect the operation of a receiving process. By altering various properties of window components running with higher privileges, the attacker can create circumstances that may allow buffer overflows and arbitrary code execution.

This issue likely affects some native Windows applications, but other third-party applications may also provide an opportunity for exploits.

-
漏洞利用

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
解决方案

Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system.